Solving the Oracle Critical Patch Headache

Sentrigo and Maxima are working together to resolve one of the most pressing problems for users of Oracle software in 2009. Many Oracle professionals, two-thirds of the 300 users polled in a recent 2008 Sentrigo survey, are taking a serious risk by never applying Oracle’s quarterly Critical Patch Updates (CPUs). Although there is awareness of the threats posed by these vulnerabilities, the continued widespread exposure stems from the significant effort needed, and the unwanted disruption to business systems caused, by taking remedial action on such a frequent basis. In short, patching is necessary for security but difficult to manage systematically. Additionally, older Oracle database versions (8i and 9i), though still in use, are exposed to many security vulnerabilities that are not covered by Oracle’s quarterly CPU program. In a theme of our times, the human attitude to risk management often lulls us into a false sense of security if a quarterly Critical Patch Update is missed for operational reasons and nothing happens immediately. However, practical measures in the form of software and support are required to address the underlying issues that have contributed to the prevalence of this problem.
The joint offering from Sentrigo and Maxima is unique in that it combines complementary software and services targeted at this specific problem, serving as a stopgap until the actual patches from Oracle can be deployed. Sentrigo’s Hedgehog vPatch software, deployed as part of a subscription-based offering, provides host-based technology that can detect and prevent database attacks in real time by creating a security layer that monitors for exploits of generic and specific database vulnerabilities. This virtual patching provides comprehensive coverage for the majority of the vulnerabilities repaired by Oracle’s quarterly CPUs within 5 days of the actual Oracle release date, without downtime of critical business applications and with no application testing required. This timely, non-disruptive and protective software shield is made available courtesy of Sentrigo’s Red Team, a team of dedicated security researchers who have been recently credited by Oracle for finding Oracle’s most recent vulnerabilities (January 2009).
Both Sentrigo and Maxima strongly recommend timely deployment of the Oracle quarterly CPU as the best way to protect corporate databases. However, in reality this is not always feasible, so the Sentrigo Hedgehog vPatch software is an essential solution for database protection from security vulnerabilities. When realistic opportunities arise for the application of Oracle’s security patches, Maxima can provide the expertise and flexibility of resource allocation needed to apply these patches in a disciplined manner across all environments, before any necessary QA and regression tests.
As an Oracle Certified Advantage Partner, Maxima can call on a team of certified Oracle DBAs, supported by system software such as Oracle’s Enterprise Manager, to implement the process of end-to-end patch management. Maxima will work in close co-operation with you across the whole 24x7 period both to maximise system availability and minimise the amount of ongoing effort. Maxima will introduce a standardised approach, built on their real-world experience in the core disciplines of change, release and configuration management, but tailored to the situation of each customer. Maxima’s Oracle CPU patch management service can be delivered as part of a remote managed service either instead of or complementary to the use of Sentrigo’s virtual patching software described above, or as a method to alleviate the demand placed on the resources of your own security teams.
To help you understand more about the potential security risk to your business, Maxima would like to set up a one-hour meeting with all relevant parties within your business to discuss any specific action that should be taken. To make an appointment, email marketing@maxima.co.uk.
Try before you buy – Go to www.virtual-patching.com to request your free 14-day evaluation.


